intellectual property issues in the cloud · an introduction to cloud computing and international...
TRANSCRIPT
LEGAL CHALLENGES IN THE CLOUD
1
INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
EMERGING LEGAL CHALLENGES IN THE CLOUD IN THE CONTEXT OF
INTELLECTUAL PROPERTY
LEGAL CHALLENGES IN THE CLOUD
2
CONTENTS
1 INTRODUCTION
2 THE CLOUD DEFINING THE TERRITORY
3 LEGAL ISSUES IN THE CLOUD
4 OVERVIEW OF INTELLECTUAL PROPERTY INFRINGEMENT IN THE
CLOUD
5 HARMONIZING IP WITH THE CLOUD
6 INDIArsquoS TRYST WITH THE CLOUD
7 CONCLUSION
8 BIBLIOGRAPHY
BOOKS
ARTICLES
REPORTS
CASES
INTERNATIONAL INSTRUMENTS
STATUTES
INTERNET SOURCES
LEGAL CHALLENGES IN THE CLOUD
3
CHAPTER 1
INTRODUCTION
By LENNY THOMAS KURAKAR1
The interesting thing about cloud computing is that wersquove redefined cloud computing to include
everything that we already do ndashRichard Stallman
1 The cloud used to be a clicheacute designating the Internet and often a cloud shape represents the
Internet in a network diagram But now it is more than just an abstraction synonymous with
the web ldquoCloud Computingrdquo has evolved to define the new advancement in technology It is
a term now used to describe the on-demand computing services provided by cloud service
providers It is a model in which the computing infrastructure is viewed as a lsquocloudrsquo from
which users can access applications from anywhere in the world2 It is the delivery of
computational resources allocated from a place other than the one from which the user is
computing3 Cloud services are used constantly with or without the users realizing this fact
whether it is Facebook Twitter or Azure4
2 The cloud has accelerated the growth of the IT sector and enabled an OPEX5 model of
business which provides the economic appeal for choosing the cloud However the reign of
the cloud should be watched with some concern It accompanies with it jurisdictional
intellectual property and privacy issues Since technology has fast outpaced the legal regime
for protection of rights the law has to catch up with the change There is a compelling need
for a law that can operate beyond territorial limits in order to rein in the cloud
1 Post graduate Student of NALSAR University of Law During her internship program at Altacit Global
2 RAJKUMAR BUYYA JAMES BROBERG AND ANDRZEJ GOSCINSKI (Ed) CLOUD COMPUTING
PRINCIPLES AND PARADIGMS 2011 3 JOHN W RITTINGHOUSE amp JAMES F RANSOME CLOUD COMPUTING IMPLEMENTATION
MANAGEMENT AND SECURITY at xxvii (2010) 4 Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY (last accessed on 12 December 2014)
See also Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15 2011)
httpwwwmakcuseofcomtagcloud-computing-work-technology-explained (last accessed on 12 December 2014) 5 OPEX model- where only the operational expenses are incurred unlike the conventional CAPEX-Capital
expenditure
LEGAL CHALLENGES IN THE CLOUD
4
CHAPTER 2
THE CLOUD DEFINING THE TERRITORY
3 Cloud computing refers to the use of the internet (ldquocloudrdquo) based computer technology for a
variety of services It is a computing model in which virtualized resources are provided as a
service over the internet6 Generally it can be said to be a way of providing IT functions
such as information storage processing power and computer programs as services over the
internet through the usage of external (often remote) servers7 This means that the
information programs and applications which are conventionally stored in the computer or
other hardware are now stored on external servers which can be accessed through the
internet This allows computing to be given as a utility comparable to the other utilities like
electricity and water
4 The essential characteristics of the cloud include on-demand self-service broad network
access pooling of resources rapid elasticity and measured service all of which are captured
in the NIST definition NIST defines
lsquocloud computingrsquo as a model for enabling convenient on-demand network access to a
shared pool of configurable computing resources like networks servers storage
applications and services that can be rapidly provisioned and released with minimal
management effort or service provider interaction8
I Types of clouds
a Service models
6 Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN 2249-6645 IJMER
Vol 2 Issue 3 May- June 2012 pp 902-905 7 How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehow_borderless_cloud_epdf (last accessed on 12
Dec 2014) 8 PETER MELL amp TIMOTHY GRANCE THE NIST DEFINITION OF CLOUD COMPUTING
RECOMMENDATIONS OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 2 (2011)
available at httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf [hereinafter NIST DEFINITION OF
CLOUD COMPUTING]
LEGAL CHALLENGES IN THE CLOUD
5
5 The NIST definition gives three service models of the cloud viz SaaS (software as a
service) PaaS (platform as a service) and IaaS (Infrastructure as a service) SaaS is a
complete operating environment with applications management and user interface In this
model everything from the application down to infrastructure is the vendor responsibility the
client is simply using the application entering managing data etc9 PaaS
10 provides virtual
machines operating systems applications services development frameworks transactions
and control structures11
IaaS12
service provider manages the entire infrastructure while the
client is responsible for all other aspects of deployment that can include the operating system
and applications13
Sometimes IaaS providers are also PaaS and SaaS providers14
6 In addition to these three categories a number of other possible types of as-a-service (-aas)
categories have appeared Common lsquoaasrsquo categories include Applications-as-a-Service
Backup-as-a-Service Desktop-as-a-Service and Business Processes-as-a-Service15
b Deployment models
7 Cloud services are deployed in different ways depending on its organizational structure and
provisioning location and who has access to the cloud The four deployment models of the
cloud are public cloud (also called utility computing) private cloud (virtual private cloud)
community cloud and hybrid cloud
8 Public cloud16
infrastructure is available to the general public and is provided by a third party
service provider Private clouds17
are cloud services within an organizational structure which
are operated solely for a designated company Cloud computing normally does not include
private clouds18
Though public clouds are more efficient than private clouds they are also
the most vulnerable
9 BARRIE SOSINSKI CLOUD COMPUTING BIBLE 11 (2011)
10 Forcecom Microsoft Azure platform Zoho creator and GoGrid CloudCenter are some PaaS cloud services 11
Supra n8 12
Some IaaS clouds are Eucalyptus and GoGrid 13
Supra n 8 14
Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property Issues RESER
Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf last accessed on 10 December 2014 15
Supra n 6 16
Some public clouds are Amazon Web Services (AWS) containing the Elastic Compute Cloud (EC2) (IaaS) and
the Simple Storage Service (S3) Google App Engine (PaaS) G-mail Microsoft Azure and Salesforcecom 17
Cerelink is a private cloud 18
Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz Andrew Konwinski
LEGAL CHALLENGES IN THE CLOUD
6
9 Where organizations share a private cloud it becomes a community cloud19
Enterprises
having similar specific needs can pool their resources to procure a community cloud It is a
generalization of a private cloud The hybrid cloud20
computing service combines the
deployment models of the public and private clouds
II Essential characteristics of the cloud
10 Computing as a service provides a new type of utility with its accompanying features From a
hardware point of view the following three aspects are new in Cloud Computing 21
a Cloud computing provides infinite resources (or creates an illusion of it) for the purpose
of the users The cloud is facilitated by the external servers of the Cloud Service
Providers22
which can be situated anywhere in the world This enables the users to
depend less on hardware and eliminates the need to provision for the future as the cloud
takes care of it all
b Companies can start on a short term basis and increase the quantity of resources used as
per their needs
c Payment can be made on a short- term basis (eg processors by the hour and storage by
the day)
11 However as the name lsquocloudrsquo signifies lack of locality of hardware and data is another
aspect of the cloud The data may be stored in multiple jurisdictions and in a fragmented
form This ambiguous nature of the cloud is what causes apprehension for the law Since
laws are usually territorial and the cloud cannot be confined within any such boundary the
nations are unprepared to answer the questions raised in the cloud The issues in cloud
computing include those relating to jurisdiction data sovereignty and privacy and intellectual
property
CHAPTER 3
LEGAL ISSUES IN THE CLOUD
I Privacy concerns
Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia Above the Clouds A Berkeley View of
Cloud Computing Technical Report No UCBEECS-2009-28
httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html last accesses on 9 December 2014 19
Google Gov Cloud is a community cloud 20
Rackspace is an example for a hybrid cloud 21
Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First workshop on Cloud
Computing and in Applications (CCA rsquo08) (October 2008) 22
Herein referred to as CSP
LEGAL CHALLENGES IN THE CLOUD
7
12 When data is stored in the cloud it means that the CSP has the data of the cloud user
However the CSP may have subcontracted the storage function to another company There
might be many other sub-contractor companies which enable the cloud This means that the
third party company could change their terms and conditions or upgrade their hardware
software without any permission or knowledge of the user Upgrades and amendments in the
privacy policy may cause the data to be exposed on the internet23
Further the customer
agreement is subject to the Service Level Agreements of the CSPrsquos The threat of third party
access always looms over the head of the user24
and the possibility of security glitches
cannot be ignored25
13 The data is likely to be stored in another country with more or less data protection It is
subjected to local laws that are outside the control of the data owner Most cloud storage
providers (Dropbox Google Drive OneDrive etc) do not encrypt data at rest26
Encryption
of data in the cloud allows the CSP to guarantee the protection of the data from unauthorized
access of data by third parties to some extent But legal access to the data in the cloud can
also be a problem to the user Situations can also arise where information stored in a certain
country is by legal obligation made available to that countryrsquos authorities such as police or
intelligence authorities27
23
Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud last access on 10
December 2014 24
See Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange Austin Tex) (Issue No 2) 25
Both Google Docs and Dropbox have experienced security glitches In 2009 a glitch within Google Docs caused
private documents to be inadvertently exposed75 JR Raphael Google Docs Glitch Exposes Private Files
PCWORLD (Mar 9 2009 120 PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-
fileshtml In 2011 Dropbox disclosed a bug that created a gateway for potential hackers to obtain access to
confidential information from any Dropbox user for the hacker merely needed the users e-mail address to have
unfettered access to [the users] entire Dropbox Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball in 2012 Dropbox publicly reported another security
glitch Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012 737 PM)
httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-offers users-help see also Barb
Darrow Dropbox Yes We Were HackedGIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014) (last access on 8 Decmber
2014) 26
Supra n 22 27
The PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001) in the United States allows federal security agencies to directly utilize Cloud
providerrsquos infrastructure for wiretapping and surveillance purposes which can also be accompanied with a gag order
LEGAL CHALLENGES IN THE CLOUD
8
14 EUrsquos Directive on the Protection to the Individuals with regard to the Processing of Personal
Data and on the Free Movement of Such Data28
has imposed new restrictions on the
collection storage and public availability of the data
II Jurisdictional concerns
15 The dynamic nature of the Cloud means that data is more often in transit both within and
away from the cloud provider resulting in multiple jurisdictional claims on the same
information There is no international treaty or any kind of consensus as to which law should
be deemed applicable in case of conflict
16 The result is that courts might have to rely on the physical location of the servers in which
the material is copied to determine jurisdiction29
17 The matter of jurisdiction is causing unrest in the legal fraternity The issues of cross-border
cases result in the courts exercising long-arm jurisdiction The courts are currently trying to
sew together the fabric of private international law with the territorial legislations in order to
counter the problems The result is just a patchwork solution to the cloud issues
III Intellectual property concerns
18 Online platforms offered by intermediaries allow users to upload and share material30
There
are also platforms for exchange of specified assets31
which facilitate additional activities
which enable users to follow other users32
In all these instances the transactions take place
in the ldquocloudrdquo
19 Intellectual property primarily relates to information whether confidential or data
expressions of ideas (protected primarily by copyright) signs and branding (protected by
(section 505) In an attempt to strengthen government control over the internet Cambodia is implementing a
government-controlled national exchange point through which all internet service providers (ISP) must go in order
to access the national market Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE
March 2 2010 lthttpbitlybrP14Mgt (last access on 6 December 2014) 28
94 46 EC October 1995 29
The German Federal Court in a case between Google and an artist whose paintings were depicted in the search
engine index as thumbnails did not go into the issue whether the depiction amounted to a reproduction of the work
as the server was situated in USA Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany
German Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-8078-
b5d6e9942855pdf See also Hillary Stemple Germany High Court Rules Google Images Do Not Violate
Copyright Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-google-did-
not-violate-copyright-lawsphp( last access on 12 December 2014 ) 30
Eg Blogging facilitated by Google Wordpress Flikrcom 31
Eg eBay Amazon 32
Social networking sites such as Facebook and LinkedIn
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
2
CONTENTS
1 INTRODUCTION
2 THE CLOUD DEFINING THE TERRITORY
3 LEGAL ISSUES IN THE CLOUD
4 OVERVIEW OF INTELLECTUAL PROPERTY INFRINGEMENT IN THE
CLOUD
5 HARMONIZING IP WITH THE CLOUD
6 INDIArsquoS TRYST WITH THE CLOUD
7 CONCLUSION
8 BIBLIOGRAPHY
BOOKS
ARTICLES
REPORTS
CASES
INTERNATIONAL INSTRUMENTS
STATUTES
INTERNET SOURCES
LEGAL CHALLENGES IN THE CLOUD
3
CHAPTER 1
INTRODUCTION
By LENNY THOMAS KURAKAR1
The interesting thing about cloud computing is that wersquove redefined cloud computing to include
everything that we already do ndashRichard Stallman
1 The cloud used to be a clicheacute designating the Internet and often a cloud shape represents the
Internet in a network diagram But now it is more than just an abstraction synonymous with
the web ldquoCloud Computingrdquo has evolved to define the new advancement in technology It is
a term now used to describe the on-demand computing services provided by cloud service
providers It is a model in which the computing infrastructure is viewed as a lsquocloudrsquo from
which users can access applications from anywhere in the world2 It is the delivery of
computational resources allocated from a place other than the one from which the user is
computing3 Cloud services are used constantly with or without the users realizing this fact
whether it is Facebook Twitter or Azure4
2 The cloud has accelerated the growth of the IT sector and enabled an OPEX5 model of
business which provides the economic appeal for choosing the cloud However the reign of
the cloud should be watched with some concern It accompanies with it jurisdictional
intellectual property and privacy issues Since technology has fast outpaced the legal regime
for protection of rights the law has to catch up with the change There is a compelling need
for a law that can operate beyond territorial limits in order to rein in the cloud
1 Post graduate Student of NALSAR University of Law During her internship program at Altacit Global
2 RAJKUMAR BUYYA JAMES BROBERG AND ANDRZEJ GOSCINSKI (Ed) CLOUD COMPUTING
PRINCIPLES AND PARADIGMS 2011 3 JOHN W RITTINGHOUSE amp JAMES F RANSOME CLOUD COMPUTING IMPLEMENTATION
MANAGEMENT AND SECURITY at xxvii (2010) 4 Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY (last accessed on 12 December 2014)
See also Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15 2011)
httpwwwmakcuseofcomtagcloud-computing-work-technology-explained (last accessed on 12 December 2014) 5 OPEX model- where only the operational expenses are incurred unlike the conventional CAPEX-Capital
expenditure
LEGAL CHALLENGES IN THE CLOUD
4
CHAPTER 2
THE CLOUD DEFINING THE TERRITORY
3 Cloud computing refers to the use of the internet (ldquocloudrdquo) based computer technology for a
variety of services It is a computing model in which virtualized resources are provided as a
service over the internet6 Generally it can be said to be a way of providing IT functions
such as information storage processing power and computer programs as services over the
internet through the usage of external (often remote) servers7 This means that the
information programs and applications which are conventionally stored in the computer or
other hardware are now stored on external servers which can be accessed through the
internet This allows computing to be given as a utility comparable to the other utilities like
electricity and water
4 The essential characteristics of the cloud include on-demand self-service broad network
access pooling of resources rapid elasticity and measured service all of which are captured
in the NIST definition NIST defines
lsquocloud computingrsquo as a model for enabling convenient on-demand network access to a
shared pool of configurable computing resources like networks servers storage
applications and services that can be rapidly provisioned and released with minimal
management effort or service provider interaction8
I Types of clouds
a Service models
6 Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN 2249-6645 IJMER
Vol 2 Issue 3 May- June 2012 pp 902-905 7 How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehow_borderless_cloud_epdf (last accessed on 12
Dec 2014) 8 PETER MELL amp TIMOTHY GRANCE THE NIST DEFINITION OF CLOUD COMPUTING
RECOMMENDATIONS OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 2 (2011)
available at httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf [hereinafter NIST DEFINITION OF
CLOUD COMPUTING]
LEGAL CHALLENGES IN THE CLOUD
5
5 The NIST definition gives three service models of the cloud viz SaaS (software as a
service) PaaS (platform as a service) and IaaS (Infrastructure as a service) SaaS is a
complete operating environment with applications management and user interface In this
model everything from the application down to infrastructure is the vendor responsibility the
client is simply using the application entering managing data etc9 PaaS
10 provides virtual
machines operating systems applications services development frameworks transactions
and control structures11
IaaS12
service provider manages the entire infrastructure while the
client is responsible for all other aspects of deployment that can include the operating system
and applications13
Sometimes IaaS providers are also PaaS and SaaS providers14
6 In addition to these three categories a number of other possible types of as-a-service (-aas)
categories have appeared Common lsquoaasrsquo categories include Applications-as-a-Service
Backup-as-a-Service Desktop-as-a-Service and Business Processes-as-a-Service15
b Deployment models
7 Cloud services are deployed in different ways depending on its organizational structure and
provisioning location and who has access to the cloud The four deployment models of the
cloud are public cloud (also called utility computing) private cloud (virtual private cloud)
community cloud and hybrid cloud
8 Public cloud16
infrastructure is available to the general public and is provided by a third party
service provider Private clouds17
are cloud services within an organizational structure which
are operated solely for a designated company Cloud computing normally does not include
private clouds18
Though public clouds are more efficient than private clouds they are also
the most vulnerable
9 BARRIE SOSINSKI CLOUD COMPUTING BIBLE 11 (2011)
10 Forcecom Microsoft Azure platform Zoho creator and GoGrid CloudCenter are some PaaS cloud services 11
Supra n8 12
Some IaaS clouds are Eucalyptus and GoGrid 13
Supra n 8 14
Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property Issues RESER
Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf last accessed on 10 December 2014 15
Supra n 6 16
Some public clouds are Amazon Web Services (AWS) containing the Elastic Compute Cloud (EC2) (IaaS) and
the Simple Storage Service (S3) Google App Engine (PaaS) G-mail Microsoft Azure and Salesforcecom 17
Cerelink is a private cloud 18
Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz Andrew Konwinski
LEGAL CHALLENGES IN THE CLOUD
6
9 Where organizations share a private cloud it becomes a community cloud19
Enterprises
having similar specific needs can pool their resources to procure a community cloud It is a
generalization of a private cloud The hybrid cloud20
computing service combines the
deployment models of the public and private clouds
II Essential characteristics of the cloud
10 Computing as a service provides a new type of utility with its accompanying features From a
hardware point of view the following three aspects are new in Cloud Computing 21
a Cloud computing provides infinite resources (or creates an illusion of it) for the purpose
of the users The cloud is facilitated by the external servers of the Cloud Service
Providers22
which can be situated anywhere in the world This enables the users to
depend less on hardware and eliminates the need to provision for the future as the cloud
takes care of it all
b Companies can start on a short term basis and increase the quantity of resources used as
per their needs
c Payment can be made on a short- term basis (eg processors by the hour and storage by
the day)
11 However as the name lsquocloudrsquo signifies lack of locality of hardware and data is another
aspect of the cloud The data may be stored in multiple jurisdictions and in a fragmented
form This ambiguous nature of the cloud is what causes apprehension for the law Since
laws are usually territorial and the cloud cannot be confined within any such boundary the
nations are unprepared to answer the questions raised in the cloud The issues in cloud
computing include those relating to jurisdiction data sovereignty and privacy and intellectual
property
CHAPTER 3
LEGAL ISSUES IN THE CLOUD
I Privacy concerns
Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia Above the Clouds A Berkeley View of
Cloud Computing Technical Report No UCBEECS-2009-28
httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html last accesses on 9 December 2014 19
Google Gov Cloud is a community cloud 20
Rackspace is an example for a hybrid cloud 21
Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First workshop on Cloud
Computing and in Applications (CCA rsquo08) (October 2008) 22
Herein referred to as CSP
LEGAL CHALLENGES IN THE CLOUD
7
12 When data is stored in the cloud it means that the CSP has the data of the cloud user
However the CSP may have subcontracted the storage function to another company There
might be many other sub-contractor companies which enable the cloud This means that the
third party company could change their terms and conditions or upgrade their hardware
software without any permission or knowledge of the user Upgrades and amendments in the
privacy policy may cause the data to be exposed on the internet23
Further the customer
agreement is subject to the Service Level Agreements of the CSPrsquos The threat of third party
access always looms over the head of the user24
and the possibility of security glitches
cannot be ignored25
13 The data is likely to be stored in another country with more or less data protection It is
subjected to local laws that are outside the control of the data owner Most cloud storage
providers (Dropbox Google Drive OneDrive etc) do not encrypt data at rest26
Encryption
of data in the cloud allows the CSP to guarantee the protection of the data from unauthorized
access of data by third parties to some extent But legal access to the data in the cloud can
also be a problem to the user Situations can also arise where information stored in a certain
country is by legal obligation made available to that countryrsquos authorities such as police or
intelligence authorities27
23
Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud last access on 10
December 2014 24
See Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange Austin Tex) (Issue No 2) 25
Both Google Docs and Dropbox have experienced security glitches In 2009 a glitch within Google Docs caused
private documents to be inadvertently exposed75 JR Raphael Google Docs Glitch Exposes Private Files
PCWORLD (Mar 9 2009 120 PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-
fileshtml In 2011 Dropbox disclosed a bug that created a gateway for potential hackers to obtain access to
confidential information from any Dropbox user for the hacker merely needed the users e-mail address to have
unfettered access to [the users] entire Dropbox Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball in 2012 Dropbox publicly reported another security
glitch Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012 737 PM)
httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-offers users-help see also Barb
Darrow Dropbox Yes We Were HackedGIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014) (last access on 8 Decmber
2014) 26
Supra n 22 27
The PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001) in the United States allows federal security agencies to directly utilize Cloud
providerrsquos infrastructure for wiretapping and surveillance purposes which can also be accompanied with a gag order
LEGAL CHALLENGES IN THE CLOUD
8
14 EUrsquos Directive on the Protection to the Individuals with regard to the Processing of Personal
Data and on the Free Movement of Such Data28
has imposed new restrictions on the
collection storage and public availability of the data
II Jurisdictional concerns
15 The dynamic nature of the Cloud means that data is more often in transit both within and
away from the cloud provider resulting in multiple jurisdictional claims on the same
information There is no international treaty or any kind of consensus as to which law should
be deemed applicable in case of conflict
16 The result is that courts might have to rely on the physical location of the servers in which
the material is copied to determine jurisdiction29
17 The matter of jurisdiction is causing unrest in the legal fraternity The issues of cross-border
cases result in the courts exercising long-arm jurisdiction The courts are currently trying to
sew together the fabric of private international law with the territorial legislations in order to
counter the problems The result is just a patchwork solution to the cloud issues
III Intellectual property concerns
18 Online platforms offered by intermediaries allow users to upload and share material30
There
are also platforms for exchange of specified assets31
which facilitate additional activities
which enable users to follow other users32
In all these instances the transactions take place
in the ldquocloudrdquo
19 Intellectual property primarily relates to information whether confidential or data
expressions of ideas (protected primarily by copyright) signs and branding (protected by
(section 505) In an attempt to strengthen government control over the internet Cambodia is implementing a
government-controlled national exchange point through which all internet service providers (ISP) must go in order
to access the national market Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE
March 2 2010 lthttpbitlybrP14Mgt (last access on 6 December 2014) 28
94 46 EC October 1995 29
The German Federal Court in a case between Google and an artist whose paintings were depicted in the search
engine index as thumbnails did not go into the issue whether the depiction amounted to a reproduction of the work
as the server was situated in USA Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany
German Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-8078-
b5d6e9942855pdf See also Hillary Stemple Germany High Court Rules Google Images Do Not Violate
Copyright Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-google-did-
not-violate-copyright-lawsphp( last access on 12 December 2014 ) 30
Eg Blogging facilitated by Google Wordpress Flikrcom 31
Eg eBay Amazon 32
Social networking sites such as Facebook and LinkedIn
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
3
CHAPTER 1
INTRODUCTION
By LENNY THOMAS KURAKAR1
The interesting thing about cloud computing is that wersquove redefined cloud computing to include
everything that we already do ndashRichard Stallman
1 The cloud used to be a clicheacute designating the Internet and often a cloud shape represents the
Internet in a network diagram But now it is more than just an abstraction synonymous with
the web ldquoCloud Computingrdquo has evolved to define the new advancement in technology It is
a term now used to describe the on-demand computing services provided by cloud service
providers It is a model in which the computing infrastructure is viewed as a lsquocloudrsquo from
which users can access applications from anywhere in the world2 It is the delivery of
computational resources allocated from a place other than the one from which the user is
computing3 Cloud services are used constantly with or without the users realizing this fact
whether it is Facebook Twitter or Azure4
2 The cloud has accelerated the growth of the IT sector and enabled an OPEX5 model of
business which provides the economic appeal for choosing the cloud However the reign of
the cloud should be watched with some concern It accompanies with it jurisdictional
intellectual property and privacy issues Since technology has fast outpaced the legal regime
for protection of rights the law has to catch up with the change There is a compelling need
for a law that can operate beyond territorial limits in order to rein in the cloud
1 Post graduate Student of NALSAR University of Law During her internship program at Altacit Global
2 RAJKUMAR BUYYA JAMES BROBERG AND ANDRZEJ GOSCINSKI (Ed) CLOUD COMPUTING
PRINCIPLES AND PARADIGMS 2011 3 JOHN W RITTINGHOUSE amp JAMES F RANSOME CLOUD COMPUTING IMPLEMENTATION
MANAGEMENT AND SECURITY at xxvii (2010) 4 Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY (last accessed on 12 December 2014)
See also Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15 2011)
httpwwwmakcuseofcomtagcloud-computing-work-technology-explained (last accessed on 12 December 2014) 5 OPEX model- where only the operational expenses are incurred unlike the conventional CAPEX-Capital
expenditure
LEGAL CHALLENGES IN THE CLOUD
4
CHAPTER 2
THE CLOUD DEFINING THE TERRITORY
3 Cloud computing refers to the use of the internet (ldquocloudrdquo) based computer technology for a
variety of services It is a computing model in which virtualized resources are provided as a
service over the internet6 Generally it can be said to be a way of providing IT functions
such as information storage processing power and computer programs as services over the
internet through the usage of external (often remote) servers7 This means that the
information programs and applications which are conventionally stored in the computer or
other hardware are now stored on external servers which can be accessed through the
internet This allows computing to be given as a utility comparable to the other utilities like
electricity and water
4 The essential characteristics of the cloud include on-demand self-service broad network
access pooling of resources rapid elasticity and measured service all of which are captured
in the NIST definition NIST defines
lsquocloud computingrsquo as a model for enabling convenient on-demand network access to a
shared pool of configurable computing resources like networks servers storage
applications and services that can be rapidly provisioned and released with minimal
management effort or service provider interaction8
I Types of clouds
a Service models
6 Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN 2249-6645 IJMER
Vol 2 Issue 3 May- June 2012 pp 902-905 7 How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehow_borderless_cloud_epdf (last accessed on 12
Dec 2014) 8 PETER MELL amp TIMOTHY GRANCE THE NIST DEFINITION OF CLOUD COMPUTING
RECOMMENDATIONS OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 2 (2011)
available at httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf [hereinafter NIST DEFINITION OF
CLOUD COMPUTING]
LEGAL CHALLENGES IN THE CLOUD
5
5 The NIST definition gives three service models of the cloud viz SaaS (software as a
service) PaaS (platform as a service) and IaaS (Infrastructure as a service) SaaS is a
complete operating environment with applications management and user interface In this
model everything from the application down to infrastructure is the vendor responsibility the
client is simply using the application entering managing data etc9 PaaS
10 provides virtual
machines operating systems applications services development frameworks transactions
and control structures11
IaaS12
service provider manages the entire infrastructure while the
client is responsible for all other aspects of deployment that can include the operating system
and applications13
Sometimes IaaS providers are also PaaS and SaaS providers14
6 In addition to these three categories a number of other possible types of as-a-service (-aas)
categories have appeared Common lsquoaasrsquo categories include Applications-as-a-Service
Backup-as-a-Service Desktop-as-a-Service and Business Processes-as-a-Service15
b Deployment models
7 Cloud services are deployed in different ways depending on its organizational structure and
provisioning location and who has access to the cloud The four deployment models of the
cloud are public cloud (also called utility computing) private cloud (virtual private cloud)
community cloud and hybrid cloud
8 Public cloud16
infrastructure is available to the general public and is provided by a third party
service provider Private clouds17
are cloud services within an organizational structure which
are operated solely for a designated company Cloud computing normally does not include
private clouds18
Though public clouds are more efficient than private clouds they are also
the most vulnerable
9 BARRIE SOSINSKI CLOUD COMPUTING BIBLE 11 (2011)
10 Forcecom Microsoft Azure platform Zoho creator and GoGrid CloudCenter are some PaaS cloud services 11
Supra n8 12
Some IaaS clouds are Eucalyptus and GoGrid 13
Supra n 8 14
Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property Issues RESER
Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf last accessed on 10 December 2014 15
Supra n 6 16
Some public clouds are Amazon Web Services (AWS) containing the Elastic Compute Cloud (EC2) (IaaS) and
the Simple Storage Service (S3) Google App Engine (PaaS) G-mail Microsoft Azure and Salesforcecom 17
Cerelink is a private cloud 18
Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz Andrew Konwinski
LEGAL CHALLENGES IN THE CLOUD
6
9 Where organizations share a private cloud it becomes a community cloud19
Enterprises
having similar specific needs can pool their resources to procure a community cloud It is a
generalization of a private cloud The hybrid cloud20
computing service combines the
deployment models of the public and private clouds
II Essential characteristics of the cloud
10 Computing as a service provides a new type of utility with its accompanying features From a
hardware point of view the following three aspects are new in Cloud Computing 21
a Cloud computing provides infinite resources (or creates an illusion of it) for the purpose
of the users The cloud is facilitated by the external servers of the Cloud Service
Providers22
which can be situated anywhere in the world This enables the users to
depend less on hardware and eliminates the need to provision for the future as the cloud
takes care of it all
b Companies can start on a short term basis and increase the quantity of resources used as
per their needs
c Payment can be made on a short- term basis (eg processors by the hour and storage by
the day)
11 However as the name lsquocloudrsquo signifies lack of locality of hardware and data is another
aspect of the cloud The data may be stored in multiple jurisdictions and in a fragmented
form This ambiguous nature of the cloud is what causes apprehension for the law Since
laws are usually territorial and the cloud cannot be confined within any such boundary the
nations are unprepared to answer the questions raised in the cloud The issues in cloud
computing include those relating to jurisdiction data sovereignty and privacy and intellectual
property
CHAPTER 3
LEGAL ISSUES IN THE CLOUD
I Privacy concerns
Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia Above the Clouds A Berkeley View of
Cloud Computing Technical Report No UCBEECS-2009-28
httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html last accesses on 9 December 2014 19
Google Gov Cloud is a community cloud 20
Rackspace is an example for a hybrid cloud 21
Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First workshop on Cloud
Computing and in Applications (CCA rsquo08) (October 2008) 22
Herein referred to as CSP
LEGAL CHALLENGES IN THE CLOUD
7
12 When data is stored in the cloud it means that the CSP has the data of the cloud user
However the CSP may have subcontracted the storage function to another company There
might be many other sub-contractor companies which enable the cloud This means that the
third party company could change their terms and conditions or upgrade their hardware
software without any permission or knowledge of the user Upgrades and amendments in the
privacy policy may cause the data to be exposed on the internet23
Further the customer
agreement is subject to the Service Level Agreements of the CSPrsquos The threat of third party
access always looms over the head of the user24
and the possibility of security glitches
cannot be ignored25
13 The data is likely to be stored in another country with more or less data protection It is
subjected to local laws that are outside the control of the data owner Most cloud storage
providers (Dropbox Google Drive OneDrive etc) do not encrypt data at rest26
Encryption
of data in the cloud allows the CSP to guarantee the protection of the data from unauthorized
access of data by third parties to some extent But legal access to the data in the cloud can
also be a problem to the user Situations can also arise where information stored in a certain
country is by legal obligation made available to that countryrsquos authorities such as police or
intelligence authorities27
23
Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud last access on 10
December 2014 24
See Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange Austin Tex) (Issue No 2) 25
Both Google Docs and Dropbox have experienced security glitches In 2009 a glitch within Google Docs caused
private documents to be inadvertently exposed75 JR Raphael Google Docs Glitch Exposes Private Files
PCWORLD (Mar 9 2009 120 PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-
fileshtml In 2011 Dropbox disclosed a bug that created a gateway for potential hackers to obtain access to
confidential information from any Dropbox user for the hacker merely needed the users e-mail address to have
unfettered access to [the users] entire Dropbox Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball in 2012 Dropbox publicly reported another security
glitch Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012 737 PM)
httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-offers users-help see also Barb
Darrow Dropbox Yes We Were HackedGIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014) (last access on 8 Decmber
2014) 26
Supra n 22 27
The PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001) in the United States allows federal security agencies to directly utilize Cloud
providerrsquos infrastructure for wiretapping and surveillance purposes which can also be accompanied with a gag order
LEGAL CHALLENGES IN THE CLOUD
8
14 EUrsquos Directive on the Protection to the Individuals with regard to the Processing of Personal
Data and on the Free Movement of Such Data28
has imposed new restrictions on the
collection storage and public availability of the data
II Jurisdictional concerns
15 The dynamic nature of the Cloud means that data is more often in transit both within and
away from the cloud provider resulting in multiple jurisdictional claims on the same
information There is no international treaty or any kind of consensus as to which law should
be deemed applicable in case of conflict
16 The result is that courts might have to rely on the physical location of the servers in which
the material is copied to determine jurisdiction29
17 The matter of jurisdiction is causing unrest in the legal fraternity The issues of cross-border
cases result in the courts exercising long-arm jurisdiction The courts are currently trying to
sew together the fabric of private international law with the territorial legislations in order to
counter the problems The result is just a patchwork solution to the cloud issues
III Intellectual property concerns
18 Online platforms offered by intermediaries allow users to upload and share material30
There
are also platforms for exchange of specified assets31
which facilitate additional activities
which enable users to follow other users32
In all these instances the transactions take place
in the ldquocloudrdquo
19 Intellectual property primarily relates to information whether confidential or data
expressions of ideas (protected primarily by copyright) signs and branding (protected by
(section 505) In an attempt to strengthen government control over the internet Cambodia is implementing a
government-controlled national exchange point through which all internet service providers (ISP) must go in order
to access the national market Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE
March 2 2010 lthttpbitlybrP14Mgt (last access on 6 December 2014) 28
94 46 EC October 1995 29
The German Federal Court in a case between Google and an artist whose paintings were depicted in the search
engine index as thumbnails did not go into the issue whether the depiction amounted to a reproduction of the work
as the server was situated in USA Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany
German Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-8078-
b5d6e9942855pdf See also Hillary Stemple Germany High Court Rules Google Images Do Not Violate
Copyright Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-google-did-
not-violate-copyright-lawsphp( last access on 12 December 2014 ) 30
Eg Blogging facilitated by Google Wordpress Flikrcom 31
Eg eBay Amazon 32
Social networking sites such as Facebook and LinkedIn
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
4
CHAPTER 2
THE CLOUD DEFINING THE TERRITORY
3 Cloud computing refers to the use of the internet (ldquocloudrdquo) based computer technology for a
variety of services It is a computing model in which virtualized resources are provided as a
service over the internet6 Generally it can be said to be a way of providing IT functions
such as information storage processing power and computer programs as services over the
internet through the usage of external (often remote) servers7 This means that the
information programs and applications which are conventionally stored in the computer or
other hardware are now stored on external servers which can be accessed through the
internet This allows computing to be given as a utility comparable to the other utilities like
electricity and water
4 The essential characteristics of the cloud include on-demand self-service broad network
access pooling of resources rapid elasticity and measured service all of which are captured
in the NIST definition NIST defines
lsquocloud computingrsquo as a model for enabling convenient on-demand network access to a
shared pool of configurable computing resources like networks servers storage
applications and services that can be rapidly provisioned and released with minimal
management effort or service provider interaction8
I Types of clouds
a Service models
6 Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN 2249-6645 IJMER
Vol 2 Issue 3 May- June 2012 pp 902-905 7 How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehow_borderless_cloud_epdf (last accessed on 12
Dec 2014) 8 PETER MELL amp TIMOTHY GRANCE THE NIST DEFINITION OF CLOUD COMPUTING
RECOMMENDATIONS OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 2 (2011)
available at httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf [hereinafter NIST DEFINITION OF
CLOUD COMPUTING]
LEGAL CHALLENGES IN THE CLOUD
5
5 The NIST definition gives three service models of the cloud viz SaaS (software as a
service) PaaS (platform as a service) and IaaS (Infrastructure as a service) SaaS is a
complete operating environment with applications management and user interface In this
model everything from the application down to infrastructure is the vendor responsibility the
client is simply using the application entering managing data etc9 PaaS
10 provides virtual
machines operating systems applications services development frameworks transactions
and control structures11
IaaS12
service provider manages the entire infrastructure while the
client is responsible for all other aspects of deployment that can include the operating system
and applications13
Sometimes IaaS providers are also PaaS and SaaS providers14
6 In addition to these three categories a number of other possible types of as-a-service (-aas)
categories have appeared Common lsquoaasrsquo categories include Applications-as-a-Service
Backup-as-a-Service Desktop-as-a-Service and Business Processes-as-a-Service15
b Deployment models
7 Cloud services are deployed in different ways depending on its organizational structure and
provisioning location and who has access to the cloud The four deployment models of the
cloud are public cloud (also called utility computing) private cloud (virtual private cloud)
community cloud and hybrid cloud
8 Public cloud16
infrastructure is available to the general public and is provided by a third party
service provider Private clouds17
are cloud services within an organizational structure which
are operated solely for a designated company Cloud computing normally does not include
private clouds18
Though public clouds are more efficient than private clouds they are also
the most vulnerable
9 BARRIE SOSINSKI CLOUD COMPUTING BIBLE 11 (2011)
10 Forcecom Microsoft Azure platform Zoho creator and GoGrid CloudCenter are some PaaS cloud services 11
Supra n8 12
Some IaaS clouds are Eucalyptus and GoGrid 13
Supra n 8 14
Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property Issues RESER
Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf last accessed on 10 December 2014 15
Supra n 6 16
Some public clouds are Amazon Web Services (AWS) containing the Elastic Compute Cloud (EC2) (IaaS) and
the Simple Storage Service (S3) Google App Engine (PaaS) G-mail Microsoft Azure and Salesforcecom 17
Cerelink is a private cloud 18
Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz Andrew Konwinski
LEGAL CHALLENGES IN THE CLOUD
6
9 Where organizations share a private cloud it becomes a community cloud19
Enterprises
having similar specific needs can pool their resources to procure a community cloud It is a
generalization of a private cloud The hybrid cloud20
computing service combines the
deployment models of the public and private clouds
II Essential characteristics of the cloud
10 Computing as a service provides a new type of utility with its accompanying features From a
hardware point of view the following three aspects are new in Cloud Computing 21
a Cloud computing provides infinite resources (or creates an illusion of it) for the purpose
of the users The cloud is facilitated by the external servers of the Cloud Service
Providers22
which can be situated anywhere in the world This enables the users to
depend less on hardware and eliminates the need to provision for the future as the cloud
takes care of it all
b Companies can start on a short term basis and increase the quantity of resources used as
per their needs
c Payment can be made on a short- term basis (eg processors by the hour and storage by
the day)
11 However as the name lsquocloudrsquo signifies lack of locality of hardware and data is another
aspect of the cloud The data may be stored in multiple jurisdictions and in a fragmented
form This ambiguous nature of the cloud is what causes apprehension for the law Since
laws are usually territorial and the cloud cannot be confined within any such boundary the
nations are unprepared to answer the questions raised in the cloud The issues in cloud
computing include those relating to jurisdiction data sovereignty and privacy and intellectual
property
CHAPTER 3
LEGAL ISSUES IN THE CLOUD
I Privacy concerns
Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia Above the Clouds A Berkeley View of
Cloud Computing Technical Report No UCBEECS-2009-28
httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html last accesses on 9 December 2014 19
Google Gov Cloud is a community cloud 20
Rackspace is an example for a hybrid cloud 21
Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First workshop on Cloud
Computing and in Applications (CCA rsquo08) (October 2008) 22
Herein referred to as CSP
LEGAL CHALLENGES IN THE CLOUD
7
12 When data is stored in the cloud it means that the CSP has the data of the cloud user
However the CSP may have subcontracted the storage function to another company There
might be many other sub-contractor companies which enable the cloud This means that the
third party company could change their terms and conditions or upgrade their hardware
software without any permission or knowledge of the user Upgrades and amendments in the
privacy policy may cause the data to be exposed on the internet23
Further the customer
agreement is subject to the Service Level Agreements of the CSPrsquos The threat of third party
access always looms over the head of the user24
and the possibility of security glitches
cannot be ignored25
13 The data is likely to be stored in another country with more or less data protection It is
subjected to local laws that are outside the control of the data owner Most cloud storage
providers (Dropbox Google Drive OneDrive etc) do not encrypt data at rest26
Encryption
of data in the cloud allows the CSP to guarantee the protection of the data from unauthorized
access of data by third parties to some extent But legal access to the data in the cloud can
also be a problem to the user Situations can also arise where information stored in a certain
country is by legal obligation made available to that countryrsquos authorities such as police or
intelligence authorities27
23
Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud last access on 10
December 2014 24
See Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange Austin Tex) (Issue No 2) 25
Both Google Docs and Dropbox have experienced security glitches In 2009 a glitch within Google Docs caused
private documents to be inadvertently exposed75 JR Raphael Google Docs Glitch Exposes Private Files
PCWORLD (Mar 9 2009 120 PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-
fileshtml In 2011 Dropbox disclosed a bug that created a gateway for potential hackers to obtain access to
confidential information from any Dropbox user for the hacker merely needed the users e-mail address to have
unfettered access to [the users] entire Dropbox Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball in 2012 Dropbox publicly reported another security
glitch Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012 737 PM)
httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-offers users-help see also Barb
Darrow Dropbox Yes We Were HackedGIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014) (last access on 8 Decmber
2014) 26
Supra n 22 27
The PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001) in the United States allows federal security agencies to directly utilize Cloud
providerrsquos infrastructure for wiretapping and surveillance purposes which can also be accompanied with a gag order
LEGAL CHALLENGES IN THE CLOUD
8
14 EUrsquos Directive on the Protection to the Individuals with regard to the Processing of Personal
Data and on the Free Movement of Such Data28
has imposed new restrictions on the
collection storage and public availability of the data
II Jurisdictional concerns
15 The dynamic nature of the Cloud means that data is more often in transit both within and
away from the cloud provider resulting in multiple jurisdictional claims on the same
information There is no international treaty or any kind of consensus as to which law should
be deemed applicable in case of conflict
16 The result is that courts might have to rely on the physical location of the servers in which
the material is copied to determine jurisdiction29
17 The matter of jurisdiction is causing unrest in the legal fraternity The issues of cross-border
cases result in the courts exercising long-arm jurisdiction The courts are currently trying to
sew together the fabric of private international law with the territorial legislations in order to
counter the problems The result is just a patchwork solution to the cloud issues
III Intellectual property concerns
18 Online platforms offered by intermediaries allow users to upload and share material30
There
are also platforms for exchange of specified assets31
which facilitate additional activities
which enable users to follow other users32
In all these instances the transactions take place
in the ldquocloudrdquo
19 Intellectual property primarily relates to information whether confidential or data
expressions of ideas (protected primarily by copyright) signs and branding (protected by
(section 505) In an attempt to strengthen government control over the internet Cambodia is implementing a
government-controlled national exchange point through which all internet service providers (ISP) must go in order
to access the national market Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE
March 2 2010 lthttpbitlybrP14Mgt (last access on 6 December 2014) 28
94 46 EC October 1995 29
The German Federal Court in a case between Google and an artist whose paintings were depicted in the search
engine index as thumbnails did not go into the issue whether the depiction amounted to a reproduction of the work
as the server was situated in USA Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany
German Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-8078-
b5d6e9942855pdf See also Hillary Stemple Germany High Court Rules Google Images Do Not Violate
Copyright Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-google-did-
not-violate-copyright-lawsphp( last access on 12 December 2014 ) 30
Eg Blogging facilitated by Google Wordpress Flikrcom 31
Eg eBay Amazon 32
Social networking sites such as Facebook and LinkedIn
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
5
5 The NIST definition gives three service models of the cloud viz SaaS (software as a
service) PaaS (platform as a service) and IaaS (Infrastructure as a service) SaaS is a
complete operating environment with applications management and user interface In this
model everything from the application down to infrastructure is the vendor responsibility the
client is simply using the application entering managing data etc9 PaaS
10 provides virtual
machines operating systems applications services development frameworks transactions
and control structures11
IaaS12
service provider manages the entire infrastructure while the
client is responsible for all other aspects of deployment that can include the operating system
and applications13
Sometimes IaaS providers are also PaaS and SaaS providers14
6 In addition to these three categories a number of other possible types of as-a-service (-aas)
categories have appeared Common lsquoaasrsquo categories include Applications-as-a-Service
Backup-as-a-Service Desktop-as-a-Service and Business Processes-as-a-Service15
b Deployment models
7 Cloud services are deployed in different ways depending on its organizational structure and
provisioning location and who has access to the cloud The four deployment models of the
cloud are public cloud (also called utility computing) private cloud (virtual private cloud)
community cloud and hybrid cloud
8 Public cloud16
infrastructure is available to the general public and is provided by a third party
service provider Private clouds17
are cloud services within an organizational structure which
are operated solely for a designated company Cloud computing normally does not include
private clouds18
Though public clouds are more efficient than private clouds they are also
the most vulnerable
9 BARRIE SOSINSKI CLOUD COMPUTING BIBLE 11 (2011)
10 Forcecom Microsoft Azure platform Zoho creator and GoGrid CloudCenter are some PaaS cloud services 11
Supra n8 12
Some IaaS clouds are Eucalyptus and GoGrid 13
Supra n 8 14
Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property Issues RESER
Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf last accessed on 10 December 2014 15
Supra n 6 16
Some public clouds are Amazon Web Services (AWS) containing the Elastic Compute Cloud (EC2) (IaaS) and
the Simple Storage Service (S3) Google App Engine (PaaS) G-mail Microsoft Azure and Salesforcecom 17
Cerelink is a private cloud 18
Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz Andrew Konwinski
LEGAL CHALLENGES IN THE CLOUD
6
9 Where organizations share a private cloud it becomes a community cloud19
Enterprises
having similar specific needs can pool their resources to procure a community cloud It is a
generalization of a private cloud The hybrid cloud20
computing service combines the
deployment models of the public and private clouds
II Essential characteristics of the cloud
10 Computing as a service provides a new type of utility with its accompanying features From a
hardware point of view the following three aspects are new in Cloud Computing 21
a Cloud computing provides infinite resources (or creates an illusion of it) for the purpose
of the users The cloud is facilitated by the external servers of the Cloud Service
Providers22
which can be situated anywhere in the world This enables the users to
depend less on hardware and eliminates the need to provision for the future as the cloud
takes care of it all
b Companies can start on a short term basis and increase the quantity of resources used as
per their needs
c Payment can be made on a short- term basis (eg processors by the hour and storage by
the day)
11 However as the name lsquocloudrsquo signifies lack of locality of hardware and data is another
aspect of the cloud The data may be stored in multiple jurisdictions and in a fragmented
form This ambiguous nature of the cloud is what causes apprehension for the law Since
laws are usually territorial and the cloud cannot be confined within any such boundary the
nations are unprepared to answer the questions raised in the cloud The issues in cloud
computing include those relating to jurisdiction data sovereignty and privacy and intellectual
property
CHAPTER 3
LEGAL ISSUES IN THE CLOUD
I Privacy concerns
Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia Above the Clouds A Berkeley View of
Cloud Computing Technical Report No UCBEECS-2009-28
httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html last accesses on 9 December 2014 19
Google Gov Cloud is a community cloud 20
Rackspace is an example for a hybrid cloud 21
Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First workshop on Cloud
Computing and in Applications (CCA rsquo08) (October 2008) 22
Herein referred to as CSP
LEGAL CHALLENGES IN THE CLOUD
7
12 When data is stored in the cloud it means that the CSP has the data of the cloud user
However the CSP may have subcontracted the storage function to another company There
might be many other sub-contractor companies which enable the cloud This means that the
third party company could change their terms and conditions or upgrade their hardware
software without any permission or knowledge of the user Upgrades and amendments in the
privacy policy may cause the data to be exposed on the internet23
Further the customer
agreement is subject to the Service Level Agreements of the CSPrsquos The threat of third party
access always looms over the head of the user24
and the possibility of security glitches
cannot be ignored25
13 The data is likely to be stored in another country with more or less data protection It is
subjected to local laws that are outside the control of the data owner Most cloud storage
providers (Dropbox Google Drive OneDrive etc) do not encrypt data at rest26
Encryption
of data in the cloud allows the CSP to guarantee the protection of the data from unauthorized
access of data by third parties to some extent But legal access to the data in the cloud can
also be a problem to the user Situations can also arise where information stored in a certain
country is by legal obligation made available to that countryrsquos authorities such as police or
intelligence authorities27
23
Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud last access on 10
December 2014 24
See Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange Austin Tex) (Issue No 2) 25
Both Google Docs and Dropbox have experienced security glitches In 2009 a glitch within Google Docs caused
private documents to be inadvertently exposed75 JR Raphael Google Docs Glitch Exposes Private Files
PCWORLD (Mar 9 2009 120 PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-
fileshtml In 2011 Dropbox disclosed a bug that created a gateway for potential hackers to obtain access to
confidential information from any Dropbox user for the hacker merely needed the users e-mail address to have
unfettered access to [the users] entire Dropbox Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball in 2012 Dropbox publicly reported another security
glitch Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012 737 PM)
httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-offers users-help see also Barb
Darrow Dropbox Yes We Were HackedGIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014) (last access on 8 Decmber
2014) 26
Supra n 22 27
The PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001) in the United States allows federal security agencies to directly utilize Cloud
providerrsquos infrastructure for wiretapping and surveillance purposes which can also be accompanied with a gag order
LEGAL CHALLENGES IN THE CLOUD
8
14 EUrsquos Directive on the Protection to the Individuals with regard to the Processing of Personal
Data and on the Free Movement of Such Data28
has imposed new restrictions on the
collection storage and public availability of the data
II Jurisdictional concerns
15 The dynamic nature of the Cloud means that data is more often in transit both within and
away from the cloud provider resulting in multiple jurisdictional claims on the same
information There is no international treaty or any kind of consensus as to which law should
be deemed applicable in case of conflict
16 The result is that courts might have to rely on the physical location of the servers in which
the material is copied to determine jurisdiction29
17 The matter of jurisdiction is causing unrest in the legal fraternity The issues of cross-border
cases result in the courts exercising long-arm jurisdiction The courts are currently trying to
sew together the fabric of private international law with the territorial legislations in order to
counter the problems The result is just a patchwork solution to the cloud issues
III Intellectual property concerns
18 Online platforms offered by intermediaries allow users to upload and share material30
There
are also platforms for exchange of specified assets31
which facilitate additional activities
which enable users to follow other users32
In all these instances the transactions take place
in the ldquocloudrdquo
19 Intellectual property primarily relates to information whether confidential or data
expressions of ideas (protected primarily by copyright) signs and branding (protected by
(section 505) In an attempt to strengthen government control over the internet Cambodia is implementing a
government-controlled national exchange point through which all internet service providers (ISP) must go in order
to access the national market Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE
March 2 2010 lthttpbitlybrP14Mgt (last access on 6 December 2014) 28
94 46 EC October 1995 29
The German Federal Court in a case between Google and an artist whose paintings were depicted in the search
engine index as thumbnails did not go into the issue whether the depiction amounted to a reproduction of the work
as the server was situated in USA Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany
German Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-8078-
b5d6e9942855pdf See also Hillary Stemple Germany High Court Rules Google Images Do Not Violate
Copyright Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-google-did-
not-violate-copyright-lawsphp( last access on 12 December 2014 ) 30
Eg Blogging facilitated by Google Wordpress Flikrcom 31
Eg eBay Amazon 32
Social networking sites such as Facebook and LinkedIn
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
6
9 Where organizations share a private cloud it becomes a community cloud19
Enterprises
having similar specific needs can pool their resources to procure a community cloud It is a
generalization of a private cloud The hybrid cloud20
computing service combines the
deployment models of the public and private clouds
II Essential characteristics of the cloud
10 Computing as a service provides a new type of utility with its accompanying features From a
hardware point of view the following three aspects are new in Cloud Computing 21
a Cloud computing provides infinite resources (or creates an illusion of it) for the purpose
of the users The cloud is facilitated by the external servers of the Cloud Service
Providers22
which can be situated anywhere in the world This enables the users to
depend less on hardware and eliminates the need to provision for the future as the cloud
takes care of it all
b Companies can start on a short term basis and increase the quantity of resources used as
per their needs
c Payment can be made on a short- term basis (eg processors by the hour and storage by
the day)
11 However as the name lsquocloudrsquo signifies lack of locality of hardware and data is another
aspect of the cloud The data may be stored in multiple jurisdictions and in a fragmented
form This ambiguous nature of the cloud is what causes apprehension for the law Since
laws are usually territorial and the cloud cannot be confined within any such boundary the
nations are unprepared to answer the questions raised in the cloud The issues in cloud
computing include those relating to jurisdiction data sovereignty and privacy and intellectual
property
CHAPTER 3
LEGAL ISSUES IN THE CLOUD
I Privacy concerns
Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia Above the Clouds A Berkeley View of
Cloud Computing Technical Report No UCBEECS-2009-28
httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html last accesses on 9 December 2014 19
Google Gov Cloud is a community cloud 20
Rackspace is an example for a hybrid cloud 21
Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First workshop on Cloud
Computing and in Applications (CCA rsquo08) (October 2008) 22
Herein referred to as CSP
LEGAL CHALLENGES IN THE CLOUD
7
12 When data is stored in the cloud it means that the CSP has the data of the cloud user
However the CSP may have subcontracted the storage function to another company There
might be many other sub-contractor companies which enable the cloud This means that the
third party company could change their terms and conditions or upgrade their hardware
software without any permission or knowledge of the user Upgrades and amendments in the
privacy policy may cause the data to be exposed on the internet23
Further the customer
agreement is subject to the Service Level Agreements of the CSPrsquos The threat of third party
access always looms over the head of the user24
and the possibility of security glitches
cannot be ignored25
13 The data is likely to be stored in another country with more or less data protection It is
subjected to local laws that are outside the control of the data owner Most cloud storage
providers (Dropbox Google Drive OneDrive etc) do not encrypt data at rest26
Encryption
of data in the cloud allows the CSP to guarantee the protection of the data from unauthorized
access of data by third parties to some extent But legal access to the data in the cloud can
also be a problem to the user Situations can also arise where information stored in a certain
country is by legal obligation made available to that countryrsquos authorities such as police or
intelligence authorities27
23
Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud last access on 10
December 2014 24
See Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange Austin Tex) (Issue No 2) 25
Both Google Docs and Dropbox have experienced security glitches In 2009 a glitch within Google Docs caused
private documents to be inadvertently exposed75 JR Raphael Google Docs Glitch Exposes Private Files
PCWORLD (Mar 9 2009 120 PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-
fileshtml In 2011 Dropbox disclosed a bug that created a gateway for potential hackers to obtain access to
confidential information from any Dropbox user for the hacker merely needed the users e-mail address to have
unfettered access to [the users] entire Dropbox Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball in 2012 Dropbox publicly reported another security
glitch Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012 737 PM)
httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-offers users-help see also Barb
Darrow Dropbox Yes We Were HackedGIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014) (last access on 8 Decmber
2014) 26
Supra n 22 27
The PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001) in the United States allows federal security agencies to directly utilize Cloud
providerrsquos infrastructure for wiretapping and surveillance purposes which can also be accompanied with a gag order
LEGAL CHALLENGES IN THE CLOUD
8
14 EUrsquos Directive on the Protection to the Individuals with regard to the Processing of Personal
Data and on the Free Movement of Such Data28
has imposed new restrictions on the
collection storage and public availability of the data
II Jurisdictional concerns
15 The dynamic nature of the Cloud means that data is more often in transit both within and
away from the cloud provider resulting in multiple jurisdictional claims on the same
information There is no international treaty or any kind of consensus as to which law should
be deemed applicable in case of conflict
16 The result is that courts might have to rely on the physical location of the servers in which
the material is copied to determine jurisdiction29
17 The matter of jurisdiction is causing unrest in the legal fraternity The issues of cross-border
cases result in the courts exercising long-arm jurisdiction The courts are currently trying to
sew together the fabric of private international law with the territorial legislations in order to
counter the problems The result is just a patchwork solution to the cloud issues
III Intellectual property concerns
18 Online platforms offered by intermediaries allow users to upload and share material30
There
are also platforms for exchange of specified assets31
which facilitate additional activities
which enable users to follow other users32
In all these instances the transactions take place
in the ldquocloudrdquo
19 Intellectual property primarily relates to information whether confidential or data
expressions of ideas (protected primarily by copyright) signs and branding (protected by
(section 505) In an attempt to strengthen government control over the internet Cambodia is implementing a
government-controlled national exchange point through which all internet service providers (ISP) must go in order
to access the national market Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE
March 2 2010 lthttpbitlybrP14Mgt (last access on 6 December 2014) 28
94 46 EC October 1995 29
The German Federal Court in a case between Google and an artist whose paintings were depicted in the search
engine index as thumbnails did not go into the issue whether the depiction amounted to a reproduction of the work
as the server was situated in USA Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany
German Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-8078-
b5d6e9942855pdf See also Hillary Stemple Germany High Court Rules Google Images Do Not Violate
Copyright Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-google-did-
not-violate-copyright-lawsphp( last access on 12 December 2014 ) 30
Eg Blogging facilitated by Google Wordpress Flikrcom 31
Eg eBay Amazon 32
Social networking sites such as Facebook and LinkedIn
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
7
12 When data is stored in the cloud it means that the CSP has the data of the cloud user
However the CSP may have subcontracted the storage function to another company There
might be many other sub-contractor companies which enable the cloud This means that the
third party company could change their terms and conditions or upgrade their hardware
software without any permission or knowledge of the user Upgrades and amendments in the
privacy policy may cause the data to be exposed on the internet23
Further the customer
agreement is subject to the Service Level Agreements of the CSPrsquos The threat of third party
access always looms over the head of the user24
and the possibility of security glitches
cannot be ignored25
13 The data is likely to be stored in another country with more or less data protection It is
subjected to local laws that are outside the control of the data owner Most cloud storage
providers (Dropbox Google Drive OneDrive etc) do not encrypt data at rest26
Encryption
of data in the cloud allows the CSP to guarantee the protection of the data from unauthorized
access of data by third parties to some extent But legal access to the data in the cloud can
also be a problem to the user Situations can also arise where information stored in a certain
country is by legal obligation made available to that countryrsquos authorities such as police or
intelligence authorities27
23
Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud last access on 10
December 2014 24
See Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange Austin Tex) (Issue No 2) 25
Both Google Docs and Dropbox have experienced security glitches In 2009 a glitch within Google Docs caused
private documents to be inadvertently exposed75 JR Raphael Google Docs Glitch Exposes Private Files
PCWORLD (Mar 9 2009 120 PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-
fileshtml In 2011 Dropbox disclosed a bug that created a gateway for potential hackers to obtain access to
confidential information from any Dropbox user for the hacker merely needed the users e-mail address to have
unfettered access to [the users] entire Dropbox Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball in 2012 Dropbox publicly reported another security
glitch Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012 737 PM)
httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-offers users-help see also Barb
Darrow Dropbox Yes We Were HackedGIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014) (last access on 8 Decmber
2014) 26
Supra n 22 27
The PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001) in the United States allows federal security agencies to directly utilize Cloud
providerrsquos infrastructure for wiretapping and surveillance purposes which can also be accompanied with a gag order
LEGAL CHALLENGES IN THE CLOUD
8
14 EUrsquos Directive on the Protection to the Individuals with regard to the Processing of Personal
Data and on the Free Movement of Such Data28
has imposed new restrictions on the
collection storage and public availability of the data
II Jurisdictional concerns
15 The dynamic nature of the Cloud means that data is more often in transit both within and
away from the cloud provider resulting in multiple jurisdictional claims on the same
information There is no international treaty or any kind of consensus as to which law should
be deemed applicable in case of conflict
16 The result is that courts might have to rely on the physical location of the servers in which
the material is copied to determine jurisdiction29
17 The matter of jurisdiction is causing unrest in the legal fraternity The issues of cross-border
cases result in the courts exercising long-arm jurisdiction The courts are currently trying to
sew together the fabric of private international law with the territorial legislations in order to
counter the problems The result is just a patchwork solution to the cloud issues
III Intellectual property concerns
18 Online platforms offered by intermediaries allow users to upload and share material30
There
are also platforms for exchange of specified assets31
which facilitate additional activities
which enable users to follow other users32
In all these instances the transactions take place
in the ldquocloudrdquo
19 Intellectual property primarily relates to information whether confidential or data
expressions of ideas (protected primarily by copyright) signs and branding (protected by
(section 505) In an attempt to strengthen government control over the internet Cambodia is implementing a
government-controlled national exchange point through which all internet service providers (ISP) must go in order
to access the national market Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE
March 2 2010 lthttpbitlybrP14Mgt (last access on 6 December 2014) 28
94 46 EC October 1995 29
The German Federal Court in a case between Google and an artist whose paintings were depicted in the search
engine index as thumbnails did not go into the issue whether the depiction amounted to a reproduction of the work
as the server was situated in USA Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany
German Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-8078-
b5d6e9942855pdf See also Hillary Stemple Germany High Court Rules Google Images Do Not Violate
Copyright Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-google-did-
not-violate-copyright-lawsphp( last access on 12 December 2014 ) 30
Eg Blogging facilitated by Google Wordpress Flikrcom 31
Eg eBay Amazon 32
Social networking sites such as Facebook and LinkedIn
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
8
14 EUrsquos Directive on the Protection to the Individuals with regard to the Processing of Personal
Data and on the Free Movement of Such Data28
has imposed new restrictions on the
collection storage and public availability of the data
II Jurisdictional concerns
15 The dynamic nature of the Cloud means that data is more often in transit both within and
away from the cloud provider resulting in multiple jurisdictional claims on the same
information There is no international treaty or any kind of consensus as to which law should
be deemed applicable in case of conflict
16 The result is that courts might have to rely on the physical location of the servers in which
the material is copied to determine jurisdiction29
17 The matter of jurisdiction is causing unrest in the legal fraternity The issues of cross-border
cases result in the courts exercising long-arm jurisdiction The courts are currently trying to
sew together the fabric of private international law with the territorial legislations in order to
counter the problems The result is just a patchwork solution to the cloud issues
III Intellectual property concerns
18 Online platforms offered by intermediaries allow users to upload and share material30
There
are also platforms for exchange of specified assets31
which facilitate additional activities
which enable users to follow other users32
In all these instances the transactions take place
in the ldquocloudrdquo
19 Intellectual property primarily relates to information whether confidential or data
expressions of ideas (protected primarily by copyright) signs and branding (protected by
(section 505) In an attempt to strengthen government control over the internet Cambodia is implementing a
government-controlled national exchange point through which all internet service providers (ISP) must go in order
to access the national market Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE
March 2 2010 lthttpbitlybrP14Mgt (last access on 6 December 2014) 28
94 46 EC October 1995 29
The German Federal Court in a case between Google and an artist whose paintings were depicted in the search
engine index as thumbnails did not go into the issue whether the depiction amounted to a reproduction of the work
as the server was situated in USA Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany
German Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-8078-
b5d6e9942855pdf See also Hillary Stemple Germany High Court Rules Google Images Do Not Violate
Copyright Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-google-did-
not-violate-copyright-lawsphp( last access on 12 December 2014 ) 30
Eg Blogging facilitated by Google Wordpress Flikrcom 31
Eg eBay Amazon 32
Social networking sites such as Facebook and LinkedIn
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
9
copyright and trademarks) and the underlying structures of intellectual ecommerce whether
hardware or software (protected by copyright or patents) Protection of intellectual property
rights from potential infringement has become a herculean task in the cloud environment
20 The cloud due to its nebulous nature possesses a number of infringement possibilities The
main concern over the protection of intellectual property is that they are territorial rights
This makes it difficult to determine whether there is infringement or not The question
whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this
point as there is no territorial infringement as such
21 Even if there is infringement it cannot be efficiently detected to serve the purpose of the
intellectual property protection due to the fragmented nature of the data in the cloud Reverse
engineering is also unhelpful to trace the locus of infringement33
22 The content stored in the cloud is in digital form which can be disseminated instantaneously
rapidly copied by third parties and difficult to monitor in the cloud Hence it is difficult to
track the elements of infringement per se Further the disclaimer clauses and the liability
clauses in the service contracts are usually drafted in such a manner so as to keep liability
risks at bay
23 However the offence of lsquoinducement to infringersquo is being applied by courts and plaintiffs to
deal with this problem
24 There is no definitive law to tackle divided infringement The cloud is facilitated by the
hardware owners service providers and the cloud itself might be the result of a subcontract
among the parties Hence in these cases there arises the situation of divided infringement
IV Lack of control over the data in the cloud
25 Storage of data in different locations through distribution over a wider area and a number of
resources increases the security chances but at the same time it has its negatives
Information in the cloud is actually stored in a place which is out of userrsquos control Access to
cloud storage data could be removed at any time and this is also outside the control of the
33
The access from resources not owned by the cloud consumer is possible as the intermediate connection between
source and target storage devices is provided by the Internet in most cases Hence it is not a simple matter to
identify the path that the data takes from source storage device to the target storage device as this path may not
remain fixed Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic Process
Model MURDOCH UNIVERSITY AUSTRALIA DOI 104018978-1-4666-2662-1ch004
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
10
user34
The cloud customer is not in a position to monitor the data handling practices of the
CSP35
The account can be deleted and all the data stored in it may be lost This is of most
concern when what is stored is sensitive data36
26 In the cloud not even the user has any whereabouts of his data37
The external server may be
shifted or relocated without his consensus38
Adding to this the conflict between privacy laws
in various jurisdictions we get the whole fuzzy picture of the cloud
CHAPTER 4
OVERVIEW OF INTELLECTUAL PROPERTY ISSUES IN THE CLOUD
I Trademark
34
Back-up failures and an increase in hacking attempts also challenge cloud users Lucas Mearian Latest Cloud
Storage Hiccups Prompts Data Security Questions COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682 last access on 9 December 2014 Also see Thomas Claburn
Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM (Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054 (providing an example of an
unrelated outage with Amazon EC2 which experienced technical problems that slowed or disabled access to
websites of customers using Engine Yard Foursquare Hootsuite Heroku Quora and Reddit) last access on 9
December 2014 35
Cloud Computing Security Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (November 20 2009) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment last access on 12 December 2014 36
Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD Vol7 No 9
June-July 2010 httpwwwgujaratinformaticscompdfCloud20Computingpdf last access on 9 December
2014 37
Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248 AM)
httpwwwabajournalcommagazinearticleget your-head in the cloud explaining that when firms use cloud
service providers the vendors are responsible for purchasing maintaining and updating hardware and software
not the firm itself (describing the movement of data at the discretion of the cloud provider for example [f]irst we
had your data in Santa Fe but then we moved it to Duluth and now weve built a data warehouse in Iceland) last
access on 10 December 2014 38
Id
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
11
27 Trademark protection in context of the cloud is challenging as to what constitutes trademark
infringement and how exactly is the right to be protected in the cloud There is a growing
international consensus that the protection of trademarks should extend to the Internet and
that such protection should neither be less nor more extensive than outside the Internet39
a Infringement of trademark in the cloud
28 Infringement of trademark can be extensive or restrictive infringement Clouds which
facilitate exchange of specific assets like eBay and Amazon are more prone to cases of
trademark infringement A sign posted in the cloud will be visible worldwidemdasheven in a
country in which it was not intended to be used in There might be a conflicting right existing
in such a country Hence the use of the sign will make the owner of the sign susceptible to
infringement claims literally all over the world40
This is an instance of extensive
infringement Restrictive infringement requires a link between the use of the sign on the
Internet and the country in which the trademark requires protection41
In order to fix liability
the user should have intended the effect in any of the countries Activities in which trademark
can be infringed include advertising delivery of digital goods or services and mail orders
29 While deciding the trademark disputes the courts must keep in mind that the long-arm
jurisdiction that they exercise does not encroach upon the sovereignty of another country In
short the courts must make their orders adaptable to cyberspace environment
b Enable coexistence of conflicting rights
30 International consensus is required on the criteria to determine the link between the use of a
sign and the trademark protection Otherwise different countries will adopt different means
of tackling it
31 Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement
claims in particular territories where there might be conflicting rights But this is not a
pragmatic solution42
Another means to prevent trademark issues is to enable technical
39
WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34) para 6 at
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf last access on 9 December 2014 40
WIPO document SCT 29 para 62 41
Id paras 28 to 34 and 62 to 66 42
The following inconveniences accompany the use of disclaimers
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
12
mechanisms to block access to particular users and to refuse to deliver to consumers in a
particular country Even then the rights of the unregistered trademark holders are susceptible
to be overlooked Since trademark rights are protected only on a territorial basis when it is
threatened with a potential worldwide infringement the law reaches a cul de sac The
international legal fraternity has not reached upon a consensus as to the criteria to apply for
infringement and its exceptions 43
c Trademark infringement cases
32 The test formulated in the case Inwood Labs Inc v Ives Labs Inc44
remains the yardstick
for determining the liability of service providers In Tiffany (NJ) Inc v eBay Inc45
where
Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany
products the court applied the Inwood test46
and held that eBay is not liable since it did not
have specific knowledge of the infringement
33 However in Louis Vuitton Malletier SA v Akanoc Solutions Inc47
the court interpreted
the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages
to Louis Vuitton (ldquoVuittonrdquo) imposing liability on Akanoc Solutions Inc (ldquoAkanocrdquo) for
contributory infringement of Vuittonrsquos trademarks and copyrights Akanoc had rented out
their server space IP addresses and bandwidth to foreign resellers of the same services who
resold it to companies who sold counterfeit Vuitton goods
34 The difference between the two cases can be whittled down to the fact that while eBay had a
detailed trademark policy in place Akanoc had none Further another feature distinguishing
the two cases were that while eBay had only a general knowledge of infringement Akanoc
a The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them This
may even include individual rights
b Disclaimers must be in the language of the particular countries
c Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
d There is the residual risk of confusion WIPO document SCT 29 paras 37 and 66 43
Supra n38 para 30to 31 44
456 US 844 854 (1982) 45
600 F3d 93 (2d Cir 2010) 46
Under Inwood a service provider is liable for contributory trademark infringement if one of two conditions is
met
a The provider ldquointentionally induced another to infringe a trademarkrdquo or
b The provider continued to supply its services to a user who it knew or had reason to know was infringing on
trademarks 47
658 F3d 936 (9th Cir 2011
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
13
knew or should have known of the specific incidents of infringement48
There is a liability on
the service provider for continuing to provide services to infringers after being notified of the
infringement
II Copyright
35 Copyright issues are more problematic in the cloud When the various laws of copyright meet
in the cloud the result is ambiguity What is an infringement in one country may not be so in
another For example if a copyrighted work is copied and disseminated by a user in India
after the period of protection has expired (ie60 years) it would still infringe the US
Copyright Act which guarantees protection for 70 years Hence the courts must tread with
caution when trying to define the dynamic landscape of the cloud with respect to copyright
36 The next question is regarding the liability for copyright violation Whether the cloud service
providers can be made liable for any infringement of copyright using their services is
debatable One argument is that they act as merely conduit pipes for communication As
intermediaries they cannot be imposed with any liability for the copyright infringement by
users But the counter argument can be that they induce infringement by users and are hence
liable for that inducement
37 The scope of copyright itself is called into question in the cloud arena There is an underlying
presumption that the owner of the copyright can only control the display uses of the
copyrighted material When searching sites like Google copy whole books for the purpose of
indexing them (for refining the search technology) it is a non display use The cloud
providers are clearly making a commercial use of the works owned by others
38 Another issue is the making of copies of copyright protected material within cloud
computing and which rules apply in this instance For example the owner of a software
programme or music file does not have a general ownership per se but rather a license to an
individual copy Some countries allow individuals to make copies of music and film files for
private use as well as to a close circle of friends and family But when files are saved on
cloud servers it is difficult to interpret what this means and uncertainty exists regarding
what distribution is permissible
48
Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory Infringement Not
Absolute SKADDEN (Sept 18 2009) httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
14
39 Furthermore it is unclear what responsibility intermediaries who are often suppliers of cloud
services have in the supply of copyright protected material Since copyright protected
material is protected in certain countries but not in others this can lead to geographical
limitations and uncertainty regarding licensing rights for both companies and private
customers49
a Cloudiness of the cloud illustrated
40 In Penguin v American Buddha50
the court dismissed the case on the ground of lack of
jurisdiction American Buddha maintained a website known as Ralph Nader Library The
information available in the library website was stored in servers located in States of Arizona
and Oregon When Penguin found out that four of their printed works were available in the
website it filed a lawsuit against American Buddha in the US District Court for the Southern
District of New York claiming that the uploading and making available of the books
infringed Penguinrsquos copyright The New York District court agreed with the defendant that
the place of the injury was lsquowhere the books were electronically copiedrsquo ie where the
servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin
was located
41 The courts must tread with utmost care when dealing with the infringement cases as their
decision might affect a third party in another country as well The effect of the copying is felt
wherever the website is available By resorting to a determination which is based on mere
technical aspect of the cloud this decision has made it even harder for a wronged right-
holder to get justice
42 Determining the liability of the cloud providers in cases of infringement has turned out to be
the most confounding ground for the jurists There is no agreement at all on whether they are
liable directly or indirectly or whether there is vicarious liability or contributory liability
The following cases highlight the fluctuating responses of the judiciary as to the liability of
the service providers
43 In Religious Technology Center v Netcom On-Line Communication Services Inc51
the court
held that actual knowledge of specific acts is required to establish contributory infringement
it was observed that in an online context evidence of actual knowledge of specific acts of
49
Supra n 6 50
Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010) (ldquoAmerican Buddha IIrdquo) 51
907 F Supp 1371(1995)
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
15
infringement is required to hold a computer system operator liable for contributory copyright
infringement In the Netcom case the court attributed lsquosubstantial participation in
copyrighted materialrsquo upon Netcom due to its failure to stop an infringing copy from being
distributed worldwide
44 In the Betamax Case52
the US Supreme Court supported the proposition that where the
alleged technology is capable of substantial non-infringing use its creators should not be
held liable for infringement This defense was disallowed when it was found that there is
actual knowledge of specific infringements in AampM Records Inc v Napster Inc53
45 In Arista Records LLC v Usenetcom Inc54
the cloud at issue here was the USENET
Network ldquoa global system of online bulletin boardsrdquo on which subscribers could post their
own messages or files and download files posted by others The court reasoned that
ldquorampantrdquo evidence of copyright infringement occurring on the USENET and undisputed
evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded
by users inter alia prove that the defendants actively promoted direct copyright
infringement and that they intended to induce or foster copyright infringement by the clouds
users55
46 In Disney Enterprises Inc et al v Hotfile Corp et al56
the Southern District of Florida
dismissed direct infringement claims brought by a group of movie studios against Hotfile an
internet storage service but refused to dismiss claims for inducement contributory and
vicarious liability While the Southern District of California recently upheld direct
infringement claims against a file storage service but denied claims for secondary liability
in Perfect 10 Inc v Megaupload Ltd et al57
52
Sony Corp of America v Universal City Studios Inc 464 US 417 (1984) 53
239 F3d 1004 1021 (9th Cir 2001) 54
2009 WL 1873589 (SDNY) (June 30 2009) 55
Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud Computing Case law
BOSTON COLLEGE INTELLECTUAL PROPERTY amp TECHNOLOGY FORUM httpbciptforgwp-
contentuploads2011071-AVOID-THE-RAINY-DAYpdf last access on 9 December 2014 56
2011 US Dist LEXIS 78387 (July 8 2011) 57
2011 US Dist LEXIS 81931 (July 27 2011)
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
16
47 The Southern District of New York held in Capitol Records Inc et al v MP3tunes LLC et
al58
that even if liability attaches storage locker services may be eligible for the safe
harbor protections in section 512(c) of the Digital Millennium Copyright Act59
b Further concerns in the cloud
48 The rights exercised by the cloud providers as they cause the materials to be copied and
transmitted remains to be distinguished from the exclusive rights of the copyright owner
The need to identify this matter arises when the users avail the same rights without any
authorization Since it is the service providers who make those services available does the
liability fall upon them
III Trade Secret
49 Private and confidential data protection is a huge concern in cloud computing That is the
threat against trade secrets as well Trade secret is information that is subject to attempts that
are reasonable under the circumstances to maintain its secrecy It can be a formula pattern
compilation program technique device method or process60
When a corporation puts all
its data into a cloud it could contain details as to its clients financials etc which is
confidential It could also qualify as business methods as it is sufficient to reveal valuable
information to a rival company The company loses physical access to the server which hosts
this information When such data is kept in the cloud the reliability of the cloud is the crucial
factor
50 The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement
(standard form contracts) There is not much space for negotiation as to suitability of the
resources to particular needs But the standard levels of security need not meet all the
requirement of security of a particular user Even encryption can only go so far as to prevent
58
07 Civ 9931 (WHP) 59
Section 512(a) of the Digital Millennium Copyright Act which allows an Internet service provider to provide
connections for material that is temporarily stored on its service with impunity provided it meets the following
conditions
a An individual other than the service provider initiated or directed the transmission of the material at issue
b The Internet service provider did not select the material being transferred routed or stored but instead the
process is completed automatically
c Another person not the service provider selects the recipient of the material
d The material housed on the server is not available to individuals other than the named recipient nor is it
available to the intended recipient for an unreasonably long period of time
e The Internet service provider does not alter or modify the materials content 60
Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
17
innocent access It cannot keep away the intentional hackers with a proficiency in
unscrambling and decrypting or malicious insiders61
51 Third party access is a rational concern of the user especially since even laws of some
countries facilitate it User data can be handed over to foreign countries on request with or
without the knowledge of the user Since the cloud data is in transit the country through
which it passes has the potential to request such data according its laws62
Even countries are
concerned over the lack of privacy of data in the cloud63
Not to mention that the downtime
of the cloud can prove potentially disastrous for the companies which depend on these
clouds for their day to day transactions 64
52 There is uncertainty about the protection the data in the cloud will get from courts also It is
yet to be decided whether such data will qualify the lsquoreasonably protectedrsquo criteria of trade
secrets if it is stored in the cloud65
When the information that is usually kept locked in the
office cabinet is stored in the cloud it should at least be given a protection which is more
than is usually provided in the cloud The only sound advice to protect trade secrets at
present is to not store confidential matter in the cloud
61 ANTHONY T VELTE TOBY J VELTE ROBERT ELSENPETER CLOUD COMPUTING A PRACTICAL
APPROACH 139 (2009) See also Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010) According to a recent Cloud Security
Alliance Report insider attacks are the third biggest threat in cloud computing 62
Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-8E02000C296BA163gt Also Transparency
Report User Data Requests GOOGLE lthttpwwwgooglecomtransparencyreportuserdatarequests last access
on 9 December 2014 63
Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud COMPUTERWORLD (July 5
2011) httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on US_accessto EU
cloud (describing the European Unions reaction on learning that Microsoft was unable to guarantee that the data of
citizens utilizing Microsofts cloud services would not be subject to release under the USA PATRIOT Act) See also
Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18 2011)
httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor last access on 9 December 2014 64
Google Amazon Microsoft all of them has succumbed to cloud outages Carly Okyle Microsoft Says 11- Hour
Azure Outage Was Caused by System Update ENTREPRENEUR November 20 2014
httpwwwentrepreneurcomarticle240029 Also Cloud Outages Cloud Services Downtime And The Lasting
Impact CRN httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm 65 Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22 2014)
httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-secrets-in-the-cloud (last accessed
on 15 Dec 2014)
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
18
CHAPTER 5
HARMONIZING IP WITH THE CLOUD
53 Attempts have been made in the international scenario to bring some kind of harmony in the
laws of the countries to give meaning to the rights in the technological era The lack of an
international binding agreement to solve issues in the cloud is well felt TRIPS agreement has
succeeded in synchronizing the laws of WTO member countries but it is insufficient to
protect the valuable rights in the cloud environment The territoriality of the IP protection
meant that the protection had to be claimed from the court in the places in which the
protection is sought
54 Significant attempts to evolve a regulatory instrument have been initiated by the National
Institute for Standards and Technology (NIST)66
the Cloud Security Alliance (CSA)67
Organization for Economic Cooperation and Development (OECD) 68
and the International
Telecommunications Union (ITU)69
There have also been attempts to standardize the cloud
services and to make customers aware of the problems underlying the cloud70
A
comprehensive set of rules dealing with jurisdiction choice of law and recognition and
enforcement of foreign judgments in disputes concerning the exploitation of IP rights were
prepared by experts in US71
Europe72
and Asia73
(including the ALI Principles CLIP
Principles Japanese Transparency Proposal Waseda Proposal and the Korean KOPILA
66
Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public Cloud Computing
Special Publication 80- 144 httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf last access on 10
December 2014 67
Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider)
httpscloudsecurityallianceorgresearchccm last access on 11 December 2014 68
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data available at
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html 69
Focus Group on Cloud Computing httpwwwituintenITU-TfocusgroupscloudPagesdefaultaspx 70
Supra n 34 Also Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
last access on 11 December 2014 71
The American Law Institute Intellectual Property Principles Governing Jurisdiction Choice
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008) 72
European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws in
Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University Press 2013) 73
ldquoTransparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm see also
ldquoJoint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-commerceorgactivitypdf2808pdf
accessed on 12 December 2014
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
19
Principles) The prime concern of these drafters was to clarify a forum or streamline the
number of fora for adjudication of the disputes The ALI approach was to bring the dispute to
the court in the place where substantial injury occurred whereas the Japanese Transparency
approach focused on the forum where significant market interests of the right holder are
affected74
It is essential to analyze theses attempts in order to evolve a flexible approach
55 The European Union has proposed a draft General Data Protection Regulation (GDPR) to
substitute the European Union Data Protection Directive 9546EC in 2012 to deal with
technological innovations like cloud computing comprehensively In 2010 Microsoft
proposed the Cloud Computing Advancement Act to reconcile the differences in the national
laws and to secure a better cloud environment75
56 However reigning in the cloud within regulation is bound to be a unique challenge due to the
multifaceted aspects involved in the cloud Any new initiative to counter the abuse of the
cloud must be calculated to balance the interests of both the consumers and those of the
providers Since any regulation imposed on the cloud would inevitably affect the sovereignty
of the various jurisdictions an international instrument to prescribe uniform standards and to
resolve the conflict of the laws is the need of the hour
CHAPTER 6
INDIArsquoS TRYST WITH THE CLOUD
74 Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI Principles and other
Legislative Proposals in a Comparative Perspective (2012)3(2) JIPITEC 174- 226
75
Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud January
20 2010 MICROSOFT NEWS CENTER httpnewsmicrosoftcom20100120microsoft-urges-
government-and-industry-to-work-together-to-build-confidence-in-the-cloud last access on 9 December
2014
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
20
57 India is not left far behind in the cloud arena With the initiative of the GI cloud Meghraj
India has also identified the potential of the cloud (notwithstanding the risks in the cloud)76
In the Strategic Direction Paper the Government has also ear marked the major issues in the
cloud
58 The Indian Civil Procedure Code 1908 bases territorial jurisdiction on two principles the
place of residence of the defendant and the place where the cause of action arises However
there are no determinants as to how these are to be determined in the cloud context The
cause of action can be either the place from where the site is accessed or where the server is
located77
In either case there is ambiguity as a number of fora can fulfill these criteria
59 The Information Technology Act 2000 deals with computers computer networks electronic
data cyber regulations and the like The Act is insufficient to deal with the technological
advancements and related issues in the cloud It provides that a cloud service provider is not
accountable for any third-party data made available by him if he shows that such
infringement or offence was committed without his awareness or that he has exercised due
diligence as prescribed by the Government for the prevention of such offence78
As far as copyright is concerned Section 8179
of the Information Technology Act protects it
But this does not extend to the other intellectual property Presently there is no binding
guidelines or principles to protect the users from the other multifarious problems in the
cloud
CHAPTER 7
CONCLUSION
76
GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and Information
Technology Ministry of Communications and Information Technology Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report(1)pdf 77
NANDAN KAMATH LAW RELATING TO COMPUTERS INTERNET AND E-COMMERCE (2002) 78
Section 79 The Information Technology Act No 21 of 2000 Network service providers not to be liable in
certain cases-For the removal of doubts it is hereby declared that no person providing any service as a network
service provider shall be liable under this information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention Act rules or regulations made thereunder for any third party
Explanation-For the purposes of this section- (a) network service provider means an intermediary (b) third
party information means any information dealt with by a network service provider in his capacity as an
intermediary 79
Section 81 proviso Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act 1957 or the Patents Act 1970
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
21
The only products that can be delivered on the Net are intellectual goods and the internet
will reach its potential only if one strengthens its intellectual property protections
- William Daley80
60 The cloud has immense potential to be the next lsquothingrsquo in technology It needs to be
harnessed within a framework of laws So far the judiciary has tried to align the cases within
the traditional framework81
However it merely serves as a patchwork solution
61 The growing competition in this arena will see to it that the providers are regulated suo
motto But for now the customers are at the mercy of shrewdly drafted standard form
contracts Cloud computing issues concerning intellectual property is yet to be defined and
demarcated The case laws currently available are fact specific and cannot constitute any
authoritative precedent Waiting for the courts to evolve a law for the cloud is unfair to the
users Especially to the IP right holders who have to make the most within the prescribed
period of protection Having a transparent IP policy and service protocols will provide the
CSP with the safe harbor cover of lsquodue diligencersquo 82
and bode well for the customers as well
62 However the fact that there are no laws to address the crisis (when it strikes) looms like the
sword of Damocles over netizens It shows that the nations are unprepared to meet such a
situation The instances of harm already done cannot be ignored as lsquowill-not-happen-againrsquo
events If the courts start using the extended arm of the law to deal with issues in the cloud
any cloud user will have to be wary of a legal notice for infringement or misuse from any
part of the globe Hence the law to regulate it must be operable beyond any territorial
80
William Daley Secy of Commerce for the United States of America Keynote address at WIPO Conference on
Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml 81 Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html last access on 12 December 2014 82 RODNEY D RYDER INTELLECTUAL PROPERTY AND THE INTERNET 49- 50 ( 2002) Websites terms
and conditions should deal with the following
a Copyright and trademark ownership with clear notice of the rights retained by the vendor in the website
b In the case of downloadable material what can be done with the download such as limiting the use on certain
computers or for non- commercial purposes
c Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or
promises
d Limiting or excluding responsibility for linking to other sites For example Microsoft notice of infringement
httpswwwmicrosoftcominfoCloudaspx (cloud named OneDrive)
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
22
limitations An international system modeled on the UN Convention on the Law of The Sea
(UNCLOS) seems to be a possible solution to this borderless problem83
63 An added advantage would be provided if an international cloud registration center is
established to study the multi-faceted aspects of the cloud to allocate cloud space to
demarcate the boundaries to define the cloud policies and to deal with the technical issues
that arise84
In fact there is an urgent need for such an institution
BIBLIOGRAPHY
I BOOKS
1 Buyya Rajkumar James Broberg And Andrzej Goscinski (Ed) Cloud Computing
Principles And Paradigms 2011 John Wiley amp Sons Inc
2 Kamath Nandan Law Relating to Computers Internet and E-commerce Second Edition
2002 Universal Law Publishing Co Pvt Ltd
3 Rittinghouse John W amp James F Ransome Cloud Computing Implementation
Management And Security 2010
4 Rosen Jan (Ed) Intellectual Property at the Crossroads of Trade ATRIP Intellectual
Property 2012 Edward Elgar
5 Ryder Rodney D Intellectual Property and the Internet 2002 LexisNexis Butterworths
6 Sosinski Barrie Cloud Computing Bible Buyya 2011 Indianapolis Wiley Publishing Inc
83
Narayanan V Harnessing the Cloud Internatioanl Law Implications of Cloud Computing 12 Chi J Intrsquol L
783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The University of Chicago pp 806- 809
(2012) Here the demarcating factor need not be physical boundaries as in UNCLOS but it can also be the subject
matter of the dispute This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties
without instigating national reproaches 84 Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the Development of a Global
Legal Framework in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY
MANAGEMENT 45- 51 (Dr Barbara Endicott- Popovsky Ed 2013)
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
23
7 Velte Anthony T Toby J Velte Robert Elsenpeter Cloud Computing A Practical
Approach 2009
II ARTICLES
1) Barb Darrow Dropbox Yes We Were Hacked GIGAOMCOM (Aug 1 2012 445 AM)
httpgigaomcomclouddropbox-yes-we-werehacked (last visited December 12 2014)
2) Bruce Goldner Stuart D Levi amp Rita Rodin Johnston ISPs Immunity from Contributory
Infringement Not Absolute SKADDEN (Sept 18 2009)
httpvv^wwskaddencomIndexcfmcontentID= 51ampitemID=1871
3) Carly Okyle Microsoft Says 11- Hour Azure Outage Was Caused by System Update
ENTREPRENEUR November 20 2014 httpwwwentrepreneurcomarticle240029
4) Cloud Computing AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS
LTD Vol7 No 9 June-July 2010
httpwwwgujaratinformaticscompdfCloud20Computingpdf
5) Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk
of a cloud provider) httpscloudsecurityallianceorgresearchccm
6) Cloud Outages Cloud Services Downtime And The Lasting Impact CRN
httpwwwcrncomnewscloudindexcloud-outages-cloud-services-downtimehtm
7) Dara Kerr Dropbox Confirms it was Hacked Offers Users Help CNETcOM (July 31 2012
737 PM) httpnewscnetcom8301-1009_3-57483998-83dropbox-confirms-itwas-hacked-
offers users-help
8) Digital Due Process Modernizing Surveillance Laws for the Internet Age
lthttpdigitaldueprocessorgindexcfmobjectid=37940370-2551-11DF-
8E02000C296BA163
9) Eric Savitz Is It Safe to Store Your Trade Secrets in the Cloud FORBES (February 22
2014) httpwwwforbescomsitesciocentral20120222is-it-safe-to-store-your-trade-
secrets-in-the-cloud
10) European Max Planck Group on Conflict of Laws in Intellectual Property Conflict of Laws
in Intellectual Property The CLIP Principles and Commentary (Oxford Oxford University
Press 2013)
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
24
11) Fernando M Pinguelo amp Bradford W Muller Avoid The Rainy Day Survey Of US Cloud
Computing Case law BOSTON COLLEGE INTELLECTUAL PROPERTY amp
TECHNOLOGY FORUM httpbciptforgwp-contentuploads2011071-AVOID-THE-
RAINY-DAYpdf
12) Greg Buckles US PATRIOT Act Trumps EU Safe Harbor DISCOVERYJOURNAL(July 18
2011) httpcdiscoveryjoumalcom201107us-patriot-act-trumps-cu-safe-harbor
13) Hillary Stemple Germany High Court Rules Google Images Do Not Violate Copyright
Laws(April 30 2010) httpjuristorgpaperchase201004done-germany-high-court-rule-
google-did-not-violate-copyright-lawsphp
14) Hogan Lovells and Dr NiIs Rauer Thunbnails Legally Permissible in Germany German
Federal Court (February 28 2011) httpdocumentslexologycom116337f4-f0dd-41d1-
8078-b5d6e9942855pdf
15) How Borderless is the Cloud An introduction to Cloud Computing and International Trade
KOMMERSKOLLEGIUM NATIONAL BORD OF TRADE
httpwwwwtoorgenglishtratop_eserv_ewkshop_june13_ehowborderless_cloudepdf
16) Ionela Bălţătescu Cloud Computing Services Benefits Risks and Intellectual Property
Issues RESER Conference 2012 Edition httpwwwglobecorowp-
contentuploadsvolsplitvol_2_no_1geo_2014_vol2_no1_art_022pdf
17) Jack Newton Dropbox Drops the Ball SLAW (June 21 2011)
httpwwwslawca2011062 1dropbox-drops-the-ball
18) Jennifer Baker EU Upset by Microsoft Warning on US Access to EU Cloud
COMPUTERWORLD (July 5 2011)
httpwwwcomputerworldcomsarticle9218167EU_upset byMicrosoft_warning on
US_accessto EU cloud
19) Joan C Henry Establishing Personal Jurisdiction for Internet Transactions(1997) at
httpwwwlawstetsoneducoursescomputerlawpapersjhenryf97html
20) JR Raphael Google Docs Glitch Exposes Private Files PCWORLD (Mar 9 2009 120
PM) httpwwwpcworldcomarticle160927google-docsglitch-exposesjpivate-fileshtml
21) Komal Chandra Joshi Cloud Computing In Respect to Grid and Cloud Approaches ISSN
2249-6645 IJMER Vol 2 Issue 3 May- June 2012
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
25
22) Laycock Patrick J Cloud computing A brief overview of intellectual property issues in the
cloudrdquo ( November 16 2011) httpwwwsmart-
biggarcaenarticles_detailcfmnews_id=535
23) Lucas Mearian Latest Cloud Storage Hiccups Prompts Data Security Questions
COMPUTERWORLD (Mar 27 2009 1200 PM)
httpwwwcomputerworldcomsarticle9130682
24) Malpractice and Ethical Risks in Cloud Computing TLIEORG (2011)
httpwwwtlieorgnewsletterarticlesview1 82 (Texas Lawyers Insurance Exchange
Austin Tex) (Issue No 2)
25) Michael Armbrust Armando Fox Rean Griffith Anthony D Joseph Randy H Katz
Andrew Konwinski Gunho Lee David A Patterson Ariel Rabkin Ion Stoica Matei Zaharia
Above the Clouds A Berkeley View of Cloud Computing Technical Report No UCBEECS-
2009-28 httpwwweecsberkeleyeduPubsTechRpts2009EECS-2009-28html
26) Microsoft Urges Government and Industry to Work Together to Build Confidence in the
Cloud January 20 2010 MICROSOFT NEWS CENTER
httpnewsmicrosoftcom20100120microsoft-urges-government-and-industry-to-work-
together-to-build-confidence-in-the-cloud
27) Narayanan V Harnessing the Cloud International Law Implications of Cloud Computing
12 Chi J Intrsquol L 783Winter CHICAGO JOURNAL OF INTERNATIOANL LAW The
University of Chicago pp 806- 809 (2012)
of Law and Judgments in Transnational Disputes (Chestnut ALI Publishers 2008)
28) Paulius Jurčys International Jurisdiction in Intellectual Property Disputes - CLIP ALI
Principles and other Legislative Proposals in a Comparative Perspective (2012)3(2)
JIPITEC 174- 226
29) Richard Acello Get Your Head in the Cloud ABAJOURNALCOM (Apr 1 2010 1248
AM) httpwwwabajournalcommagazinearticleget your-head in the cloud
30) Richard Adams The Emergence of Cloud Storage and the Need for a New Digital Forensic
Process Model MURDOCH UNIVERSITY AUSTRALIA
httpresearchrepositorymurdocheduau194311emergence_of_cloud_storagepdf
31) Rivka Tadjer What Is Cloud Computing PCMAG (Nov 18 2010)
httpwwwpcmagcomarticlc202817237216300aspfbid=K-ta85K2uQY
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
26
32) Sahoo Pritish amp Taruna Jaiswal Cloud Computing And Its Legalities In India Nirma
University Law Journal Volume-4 Issue-1 July-2014 65- 78
httpwwwmanupatracoinnewslinearticlesUpload7796F62A-E75D-45FD-8EC7-
3AC01A4A5C7Apdf
33) Secure Cloud Storage Providers IMPERIAL COLLEGE LONDON available at
httpwww3imperialacukictservicessecurityhelpandadvicesensitivedatasuitablecloud
34) Sopheap Chak Cambodias Great Internet Firewall GLOBAL VOICES ONLINE March
2 2010 lthttpbitlybrP14M
35) Taty How Does Cloud Computing Work [Technology Explained] MAKEUSEOF (Mar 15
2011) httpwwwmakcuseofcomtagcloud-computing-work-technology-explained
36) The American Law Institute Intellectual Property Principles Governing Jurisdiction
Choice
37) Thomas Claburn Amazon EC2 Outage Hobbles Websites INFORMATIONWEEKCOM
(Apr 21 2011)
httpwwwinformationweekcomnewscloudcomputinginfrastructure229402054
38) Top Threats to Cloud Computing v 10 CLOUD SECURITY ALLIANCE
httpscloudsecurityallianceorgtopthreatscsathreatsv10pdf (March 2010)
39) Virginia Greiman amp Barry Unger Clearing the Air in Cloud Computing Advancing the
Development of a Global Legal Framework in PROCEEDINGS OF THE
INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT 45- 51
(Dr Barbara Endicott- Popovsky Ed 2013)
40) Vogels W A Head in the Cloudsmdashthe Power of Infrastructure as a Service In First
workshop on Cloud Computing and in Applications (CCA rsquo08) (October 2008)
41) Wayne Jansen and Timothy Grance NIST Guidelines on Security and Privacy in Public
Cloud Computing Special Publication 80- 144
httpcsrcnistgovpublicationsnistpubs800-144SP800-144pdf
42) William Daley Secy of Commerce for the United States of America Keynote address at
WIPO Conference on Electronic Commerce and Intellectual Property September 1999 at
httpecommercewipointconferencespapersdaleyhtml
III REPORTS
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
27
1) Transparency Report User Data Requests GOOGLE
lthttpwwwgooglecomtransparencyreportuserdatarequests
2) GI Cloud (Meghraj) Strategic Direction Paper April 2013 Department of Electronics and
Information Technology Ministry of Communications and Information Technology
Government of India
httpdeitygovinsitesupload_filesditfilesGICloud20Strategic20Direction20Report
(1)pdf
IV CASES
1) AampM Records Inc v Napster Inc 239 F3d 1004 1021 (9th Cir 2001)
2) Arista Records LLC v Usenetcom Inc 2009 WL 1873589 (SDNY)
3) Capitol Records Inc et al v MP3tunes LLC et al 07 Civ 9931 (WHP)
4) Disney Enterprises Inc et al v Hotfile Corp et al 2011 US Dist LEXIS 78387
5) Inwood Labs Inc v Ives Labs 456 US 844 854 (1982)
6) Louis Vuitton Malletier SA v Akanoc Solutions Inc 658 F3d 936 (9th Cir 2011
7) Penguin Group (USA) Inc v American Buddha 609 F3d (2nd Cir 2010)
8) Perfect 10 Inc v Megaupload Ltd et al2011 US Dist LEXIS 81931 (July 27 2011)
9) Religious Technology Center v Netcom On-Line Communication Services Inc 907 F
Supp 1371(1995)
10) Sony Corp of America v Universal City Studios Inc 464 US 417 (1984)
11) Tiffany (NJ) Inc v eBay Inc 600 F3d 93 (2d Cir 2010)
V INTERNATIONAL INSTRUMENTS
1) Cloud Computing Risk Assessment EUROPEAN UNION AGENCY FOR NETWORK AND
INFORMATION SECURITY (March 2010) httpswwwenisaeuropaeuactivitiesrisk-
managementfilesdeliverablescloud-computing-risk-assessment
2) Cloud Standards Coordination ETSI (2013) httpcscetsiorgwebsitehomeaspx
3) EU Directive 94 46 EC October 1995
4) Joint Japanese-Korean Proposalrdquo is available at httpglobalcoe-waseda-law-
commerceorgactivitypdf2808pdf
5) OECD Guidelines on the Protection of Privacy and
6) Transborder Flows of Personal Data
httpwwwoecdorgdocument1802340en_2649_34255_1815186_1_1_1_100html
7) Transparency Principlesrdquo available at httptomeikajurkyushu-uacjpipproposalhtm
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg
LEGAL CHALLENGES IN THE CLOUD
28
8) WIPO document lsquoUse of Trademarks on the Internet Issues Paper (SCT34)
httpwwwwipointedocsmdocssctensct_3sct_3_4pdf
9) WIPO document SCT 29 httpwwwwipointedocsmdocssctensct_2sct_2_9pdf
VI STATUTES
1) The Information Technology Act No 21 of 2000
2) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
3) Uniform Trade Secrets Act 1979
4) Indian Civil Procedure Code 1908
5) Digital Millennium Copyright Act 1998
VII INTERNET SOURCES
1) httpswwwmicrosoftcominfoCloudaspx
2) httpcsrcnistgovpublicationsnistpubs800-145SP800-145pdf
3) wwwmanupatracom
4) wwwheinonlineorg
5) wwwjstororg